Granular Information Protection

Today’s businesses are faced with inadvertent exposure of corporate data that can violate regulatory guidelines and policy compliance. Unmanaged endpoints can act as vectors for spyware to monitor credentials, or as malware agents to mine internal data.

To address this threat, IT administrators expanding access to corporate resources by external users (partners, customers) require a mechanism to restrict access only to healthy clients, ensure that all session residue is erased (to avoid exposure of sensitive data), and prevent attacks on application infrastructure. Together, Microsoft Internet Security and Acceleration (ISA) Server 2006 and Microsoft's Intelligent Application Gateway (IAG) 2007 provide a platform for making corporate data accessible remotely and minimizing the organization’s exposure to undue threats.

  • Fundamental network-layer security and command filtering, with network policy controls and an IPsec virtual private network (VPN), enable fully managed, rich-client access.

  • Internet-based and mobile access from unmanaged endpoints that enforces proper information usage with granular identity-based policies, helping the business to comply with legal and regulatory guidelines.

Granular Information Protection

IAG’s granular access controls, application firewall, and endpoint security and cleanup tools, tailored to specific applications, enable organizations to maintain information security and integrity and drive compliance with legal and business guidelines, without impeding critical business processes.

Forefront Edge Security: Granular Information Protection

Control Access

Key IT Administrator Concern: There are too many different policies and security settings for users and applications.

  • ISA Server 2006 Provides: Simplified management tools such as a visual policy editor, monitoring dashboard and network templates automate common tasks.

  • IAG 2007 Provides: Endpoint, user, session, and application security are managed through a single unified policy framework, helping IT administrators avoid configuration errors.

Key IT Administrator Concern: My applications and intranet are complex, and we don’t have the expertise and resources to tailor security for each one.

  • IAG 2007 Provides: Out-of-the-box settings delivered via pre-configured logic (Intelligent Application Optimizers) for major business applications provide a simplified end-user experience, and comprehensive customization features help adapt IAG 2007 to your environment.

Key IT Administrator Concern: I need to reduce infrastructure maintenance costs.

  • ISA Server 2006 and IAG 2007 Provide: ISA Server 2006 and IAG 2007 on a single appliance means a single point of management for Secure Sockets Layer (SSL) VPN, IPsec VPN and network configuration.

Protect Assets

Key IT Administrator Concern: Legacy Web applications allow full alpha-numeric input in text fields, and are subject to scripting attacks.

  • IAG 2007 Provides: IAG 2007 classifies, manages, and helps secure application-layer flows via pre-configured logic that rewrites outgoing HTTP traffic and translates incoming traffic to allow for Web-layer connectivity without client/server tunneling, while filters recognize (in)valid data.

Key IT Administrator Concern: Need to prevent hackers from exploiting the connections remote users are making to the corporate network.

  • ISA Server 2006 Provides: Protection for networks from "inside attacks" via VPN client connections through unified firewall and VPN policy management, deep content inspection, and VPN Quarantine integration.

  • IAG 2007 Provides: IAG 2007’s Host Integrity Checker looks for anti-malware tools on the client to ensure proper client health status before granting access.

Safeguard Information

Key IT Administrator Concern: I have many different types of users (employees, partners, and customers), with many groups that need different access scenarios.

  • IAG 2007 Provides: Policy enforcement at the application and feature level supports differentiated ranges of users, and session residue clean-up removes credentials, cookies, custom, and multiple caches.

Key IT Administrator Concern: Need better visibility into what users are accessing and when.

  • ISA Server 2006 Provides: Strong logging and reporting capabilities for enhanced monitoring of clients accessing corporate resources so attacks can be better identified.

  • IAG 2007 Provides: Enhanced monitoring allows for tracking of resource utilization and remote endpoint troubleshooting, while comprehensive logging tracks all activities and traffic on the gateway.